From 82e4230b8ea31b15a09175c5b9cf541e902bb05b Mon Sep 17 00:00:00 2001
From: Jess Lowe <86962800+jess-lowe@users.noreply.github.com>
Date: Mon, 30 Mar 2026 10:57:19 +1100
Subject: [PATCH] fix: pin advisory converter to stable commit

---
 .github/workflows/auto_import.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto_import.yaml b/.github/workflows/auto_import.yaml
index 0be48ec7..820b3583 100644
--- a/.github/workflows/auto_import.yaml
+++ b/.github/workflows/auto_import.yaml
@@ -21,7 +21,7 @@ jobs:
           wget https://storage.googleapis.com/cve-osv-conversion/nvd/nvdcve-2.0-$year.json;
         done
     - run: |
-        go install github.com/google/osv/vulnfeeds/cmd/pypi@master
+        go install github.com/google/osv/vulnfeeds/cmd/pypi@09163b7629f5836e55fdf8a99e4514ecf4bec166
         for nvdfile in nvdcve-2.0-*.json; do
           pypi -false_positives triage/false_positives.yaml \
                -nvd_json $nvdfile \